DMCKIB88 asked on

cross site scripting (XSS)

Help . . .
Application appears to be vulnerable to cross site scripting (XSS)
I need to HTML encode data before sending it to the browser

Filtering < and > alone will not solve all cross site scripting attacks. It is suggested you also attempt to filter out opening and closing parentheses or convert them to their encoded equivalents.

This is the page; how do I change it to stop this? The page is below.
______________________________________________

<?php
include("./_include/core/main_start.php");

class CPhotoEdit extends CHtmlBlock
{
      function select_channel_name($channel_id)
      {
            $result_channel = DB::query("SELECT name FROM videogallery_channels WHERE id = ".to_sql($channel_id, "Number")." and status = 'ACTIVE'");
            $row_channel = DB::fetch_row();
            return $row_channel;
      }

      function parseBlock(&$html)
      {
            global $g;
            global $g_user;

            // Raw request parameters. Nothing here restricts $fla and $show to the
            // values the if/elseif chains below actually handle, or forces $cat and
            // $start to be integers. The same raw values are later handed to the
            // template with setvar(), which is where the scanner's XSS finding
            // comes from.
            $fla = get_param("fla", "");
            $show = get_param("show", "");
            $cat = get_param("cat", "");
            $start = get_param("start", "");
            if (empty($fla)) $fla="top_plays";
            if (empty($show)) $show="all";
            if (empty($cat)) $cat=0;
            if (empty($start)) $start=0;

            $result=DB::query("SELECT * FROM videogallery_channels WHERE status = 'ACTIVE'");
            $num_cat=DB::num_rows();
            if ($num_cat>0)
            {
                  $html->setvar("fla", $fla);
                  $html->setvar("show", $show);
                  $html->setvar("cat_id", 0);
                  $html->parse("all_categories", true);
                  while ($row=DB::fetch_row())
                  {
                        $html->setvar("fla", $fla);
                        $html->setvar("show", $show);
                        $html->setvar("cat_id", $row['id']);
                        $html->setvar("cat_name", $row['name']);
                        $html->parse("categories", true);
                  }
            }

            $eu = ($start - 0);
            $limit = 15;
            $this_page = $eu + $limit;
            $back = $eu - $limit;
            $next = $eu + $limit;

            if (!empty($cat))
            {
                  $channel_name = $this->select_channel_name($cat);
                  $ch_nm =  $channel_name[0];
                  $add_query=" and (videogallery_video.channels LIKE ".to_sql("%,".$ch_nm.",%")." or videogallery_video.channels LIKE ".to_sql("%,".$ch_nm)." or videogallery_video.channels LIKE ".to_sql($ch_nm.",%").")";
            }
            else
            {
                  $add_query="";
            }

            $title="";
            if($fla=="top_plays")
            {
                  if ($show=="today")
                  {
                        $query_video = "select *, count( * ) AS temp from videogallery_video, videogallery_watch where videogallery_video.status = 'ACTIVE' and videogallery_video.id=videogallery_watch.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_watch.data))<=1 $add_query GROUP BY videogallery_watch.vid ORDER BY temp DESC";
                        $title="Today's Top Plays";
                  }
                  elseif ($show=="week")
                  {
                        $query_video = "select *, count( * ) AS temp from videogallery_video, videogallery_watch where videogallery_video.status = 'ACTIVE' and videogallery_video.id=videogallery_watch.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_watch.data))<=7 $add_query GROUP BY videogallery_watch.vid ORDER BY temp DESC";
                        $title="Weekly Top Plays";
                  }
                  elseif ($show=="month")
                  {
                        $query_video = "select *, count( * ) AS temp from videogallery_video, videogallery_watch where videogallery_video.status = 'ACTIVE' and videogallery_video.id=videogallery_watch.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_watch.data))<=31 $add_query GROUP BY videogallery_watch.vid ORDER BY temp DESC";
                        $title="Monthly Top Plays";
                  }
                  elseif ($show=="all")
                  {
                        $query_video = "select * from videogallery_video where status = 'ACTIVE' $add_query ORDER BY `no_of_times_viewed` DESC";
                        $title="All Top Plays";
                  }
            }
            elseif($fla=="just_added")
            {
                  $query_video = "select * from videogallery_video where status = 'ACTIVE' and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_video.video_date))<=1 $add_query";
                  $title="New Today";
            }
            elseif($fla=="most_comments")
            {
                  if ($show=="today")
                  {
#                        $query_video = "SELECT *, count( * ) AS temp FROM `videogallery_video` , `videogallery_comments` WHERE videogallery_comments.comment_id = videogallery_video.id AND videogallery_video.status = 'ACTIVE' AND videogallery_comments.comment_type = 'VIDEO' AND videogallery_comments.status = 'ACTIVE' and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_comments.data))<=1 $add_query GROUP BY videogallery_video.id ORDER BY `temp` DESC";
                        $query_video = "SELECT *, (SELECT count( * ) FROM `videogallery_comments` WHERE videogallery_comments.comment_id = videogallery_video.id AND videogallery_comments.comment_type = 'VIDEO' AND videogallery_comments.status = 'ACTIVE' and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_comments.data))<=1) AS temp FROM `videogallery_video` WHERE videogallery_video.status = 'ACTIVE' $add_query ORDER BY `temp` DESC";
                        $title="Today's Most Comments";
                  }
                  elseif ($show=="week")
                  {
#                        $query_video = "SELECT *, count( * ) AS temp FROM `videogallery_video` , `videogallery_comments` WHERE videogallery_comments.comment_id = videogallery_video.id AND videogallery_video.status = 'ACTIVE' AND videogallery_comments.comment_type = 'VIDEO' AND videogallery_comments.status = 'ACTIVE' and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_comments.data))<=7 $add_query GROUP BY videogallery_video.id ORDER BY `temp` DESC";
                        $query_video = "SELECT *, (SELECT count( * ) FROM `videogallery_comments` WHERE videogallery_comments.comment_id = videogallery_video.id AND videogallery_comments.comment_type = 'VIDEO' AND videogallery_comments.status = 'ACTIVE' and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_comments.data))<=7) AS temp FROM `videogallery_video` WHERE videogallery_video.status = 'ACTIVE' $add_query ORDER BY `temp` DESC";
                        $title="Weekly Most Comments";
                  }
                  elseif ($show=="month")
                  {
                        $query_video = "SELECT *, (SELECT count( * ) FROM `videogallery_comments` WHERE videogallery_comments.comment_id = videogallery_video.id AND videogallery_comments.comment_type = 'VIDEO' AND videogallery_comments.status = 'ACTIVE' and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_comments.data))<=31) AS temp FROM `videogallery_video` WHERE videogallery_video.status = 'ACTIVE' $add_query ORDER BY `temp` DESC";
                        $title="Monthly Most Comments";
                  }
                  elseif ($show=="all")
                  {
                        $query_video = "SELECT *, (SELECT count( * ) FROM `videogallery_comments` WHERE videogallery_comments.comment_id = videogallery_video.id AND videogallery_comments.comment_type = 'VIDEO' AND videogallery_comments.status = 'ACTIVE') AS temp FROM `videogallery_video` WHERE videogallery_video.status = 'ACTIVE' $add_query ORDER BY `temp` DESC";
                        $title="All Most Comments";
                  }
            }
            elseif($fla=="top_rated")
            {
                  if ($show=="today")
                  {
#                        $query_video = "select *, count( * ) AS temp from videogallery_video, videogallery_rated where videogallery_video.status = 'ACTIVE' and videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=1 $add_query GROUP BY videogallery_rated.vid ORDER BY temp DESC";
                        $query_video = "select *, (select count( * ) from videogallery_rated where videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=1) AS temp FROM videogallery_video WHERE videogallery_video.status = 'ACTIVE' and (select count( * ) from videogallery_rated where videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=1)>0 $add_query ORDER BY temp DESC";
                        $title="Today's Highest Rated";
                  }
                  elseif ($show=="week")
                  {
#                        $query_video = "select *, count( * ) AS temp from videogallery_video, videogallery_rated where videogallery_video.status = 'ACTIVE' and videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=7 $add_query GROUP BY videogallery_rated.vid ORDER BY temp DESC";
                        $query_video = "select *, (select count( * ) from videogallery_rated where videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=7) AS temp FROM videogallery_video WHERE videogallery_video.status = 'ACTIVE' and (select count( * ) from videogallery_rated where videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=7)>0 $add_query ORDER BY temp DESC";
                        $title="Weekly Highest Rated";
                  }
                  elseif ($show=="month")
                  {
#                        $query_video = "select *, count( * ) AS temp from videogallery_video, videogallery_rated where videogallery_video.status = 'ACTIVE' and videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=31 $add_query GROUP BY videogallery_rated.vid ORDER BY temp DESC";
                        $query_video = "select *, (select count( * ) from videogallery_rated where videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=31) AS temp FROM videogallery_video WHERE videogallery_video.status = 'ACTIVE' and (select count( * ) from videogallery_rated where videogallery_video.id=videogallery_rated.vid and (TO_DAYS(CURDATE())-TO_DAYS(videogallery_rated.data))<=31)>0 $add_query ORDER BY temp DESC";
                        $title="Monthly Highest Rated";
                  }
                  elseif ($show=="all")
                  {
                        $query_video = "select * from videogallery_video where status = 'ACTIVE' $add_query ORDER BY `rate` DESC";
                        $title="All Highest Rated";
                  }
            }

            $query_video_all=$query_video;
            $query_video.=" limit ".to_sql($eu, "Number").", ".to_sql($limit, "Number")."";

            $result=DB::query($query_video_all);
            $nume=DB::num_rows();

            $xx=1;
            $result_video = DB::query($query_video);
            while ($row_video = DB::fetch_row())
            {
                  // Pass the id through to_sql() as the other queries do, rather
                  // than splicing it into the SQL string by hand.
                  $result_comment = DB::query("SELECT * FROM videogallery_comments WHERE comment_type = 'VIDEO' and comment_id = ".to_sql($row_video['id'], "Number")." and status = 'ACTIVE'",1);
                  $num_comment = DB::num_rows(1);

                  $html->setvar("video_id", $row_video['id']);
                  $html->setvar("video_image", $row_video['video_image']);
                  $html->setvar("video_title", $row_video['title']);
                  $html->setvar("video_plays", $row_video['no_of_times_viewed']);
                  $html->setvar("video_comments", $num_comment);

                  $xx++;
                  if ($xx==4)
                  {
                        $html->parse("line_videos", true);
                        $xx=1;
                  }
                  else $html->setblockvar("line_videos", "");

                  $html->parse("videos", true);
            }

            // $fla, $show and $cat are reflected back into the page here exactly
            // as they arrived in the request, without HTML encoding.
            $html->setvar("fla", $fla);
            $html->setvar("show", $show);
            $html->setvar("cat_id", $cat);
            $html->setvar("this_count", $eu+1);
            if ($next<$nume)
            {
                  $html->setvar("next_count", $next);
            }
            else
            {
                  $html->setvar("next_count", $nume);
            }
            $html->setvar("all_count", $nume);
            if ($nume/$limit>5) {
                  $tostart=$eu;
                  $tonume=(1+round($eu/15))*15;
            }
            else {
                  $tostart=0;
                  $tonume=$nume;
            }

            if ($tostart>0) {
                  $html->setvar("toleft", $tostart-15);
                  $html->parse("left_2", true);
            }
            $l=$tostart/15+1;

            for($i=$tostart;$i < $tonume;$i=$i+$limit)
            {
                  $html->setblockvar("page_1", "");
                  $html->setblockvar("page", "");
                  if($i <> $eu){
                        $html->setvar("i", $i);
                        $html->setvar("l", $l);
                        $html->parse("page", true);
                        $html->setblockvar("page_1", "");
                        $html->parse("pages_1", true);
                  }
                  else {
                        $html->setvar("l", $l);
                        $html->setblockvar("page", "");
                        $html->parse("page_1", true);
                        $html->parse("pages_1", true);
                  }
                  $l=$l+1;
            }
            if ($nume>$tonume) {
                  $html->setvar("toright", $tonume);
                  $html->parse("right_2", true);
            }
            if($back >=0) {
                  $html->setvar("back", $back);
                  $html->parse("prev", true);
            }
            if ($back >=0&&$this_page < $nume)
            {
                  $html->parse("separator", true);
            }
            if($this_page < $nume) {
                  $html->setvar("next", $next);
                  $html->parse("next", true);
            }
            $html->parse("pages", true);

            parent::parseBlock($html);
      }
}

class VidoHeader extends CHtmlBlock
{

      var $sMessage = "";

      function VidoHeader($name, $html_path)
      {
            $this->CHtmlBlock($name, $html_path);

      }

      function parseBlock(&$html)
      {
            global $g;
            global $g_user;

            $fla = get_param("fla", "");
            $show = get_param("show", "");
            $cat = get_param("cat", "");
            $start = get_param("start", "");
            if (empty($fla)) $fla="top_plays";
            if (empty($show)) $show="all";
            if (empty($cat)) $cat=0;
            if (empty($start)) $start=0;

            // id is numeric, so use the "Number" mode as select_channel_name() does.
            $result_cat=DB::query("SELECT * FROM videogallery_channels WHERE status = 'ACTIVE' and id=".to_sql($cat, "Number"));
            $num_cat=DB::num_rows();
            if ($num_cat>0){
                  $row=DB::fetch_row();
                  $show_cat=$row['name'];
            }
            else{
                  $show_cat="All Categories";
            }

            $html->parse("navy", true);
            $html->setvar("cur_page", "videogallery_video_view.php");
            // Same unencoded reflection of the request parameters as in CPhotoEdit.
            $html->setvar("fla", $fla);
            $html->setvar("show", $show);
            $html->setvar("show_cat", $show_cat);
            $html->setvar("cat", $cat);
            $title="";
            if($fla=="top_plays")
            {
                  if ($show=="today")
                  {
                        $title="Today's Top Plays";
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="week")
                  {
                        $title="Weekly Top Plays";
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="month")
                  {
                        $title="Monthly Top Plays";
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="all")
                  {
                        $title="All Top Plays";
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
            }
            elseif($fla=="just_added")
            {
                  $title="New Today";
                  $html->parse("top_plays_a", true);
                  $html->parse("top_plays_a1", true);
                  $html->parse("top_plays", true);
                  $html->parse("just_added", true);
                  $html->parse("most_comments_a", true);
                  $html->parse("most_comments_a1", true);
                  $html->parse("most_comments", true);
                  $html->parse("name_cat", true);
                  $html->parse("top_rated_a", true);
                  $html->parse("top_rated_a1", true);
                  $html->parse("top_rated", true);
            }
            elseif($fla=="most_comments")
            {
                  if ($show=="today")
                  {
                        $title="Today's Most Comments";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="week")
                  {
                        $title="Weekly Most Comments";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="month")
                  {
                        $title="Monthly Most Comments";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="all")
                  {
                        $title="All Most Comments";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated_a", true);
                        $html->parse("top_rated_a1", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
            }
            elseif($fla=="top_rated")
            {
                  if ($show=="today")
                  {
                        $title="Today's Highest Rated";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="week")
                  {
                        $title="Weekly Highest Rated";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="month")
                  {
                        $title="Monthly Highest Rated";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month", true);
                        $html->parse("all_a", true);
                        $html->parse("all_a1", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
                  elseif ($show=="all")
                  {
                        $title="All Highest Rated";
                        $html->parse("top_plays_a", true);
                        $html->parse("top_plays_a1", true);
                        $html->parse("top_plays", true);
                        $html->parse("just_added_a", true);
                        $html->parse("just_added_a1", true);
                        $html->parse("just_added", true);
                        $html->parse("most_comments_a", true);
                        $html->parse("most_comments_a1", true);
                        $html->parse("most_comments", true);
                        $html->parse("top_rated", true);
                        $html->parse("show_cat_r", true);
                        $html->parse("today_a", true);
                        $html->parse("today_a1", true);
                        $html->parse("today", true);
                        $html->parse("week_a", true);
                        $html->parse("week_a1", true);
                        $html->parse("week", true);
                        $html->parse("month_a", true);
                        $html->parse("month_a1", true);
                        $html->parse("month", true);
                        $html->parse("all", true);
                        $html->parse("name_cat", true);
                        $html->parse("show_for", true);
                  }
            }
            $html->parse("show_cat", true);

            $html->setvar("title", $title);
            $html->parse("title", true);


            parent::parseBlock($html);
      }
}

$page = new CPhotoEdit("", $g['tmpl']['dir_tmpl_main'] . "videogallery_video_view.html");
$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.html");
$page->add($header);
$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");
$page->add($footer);

$users_ims = new CIms("ims", $g['tmpl']['dir_tmpl_main'] . "_ims.html");
$page->add($users_ims);

$vidoheader = new VidoHeader("videogallery_vido_header", $g['tmpl']['dir_tmpl_main'] . "videogallery_vido_header.html");
$page->add($vidoheader);

include("./_include/core/main_close.php");

?>

Last Comment
Oscurochu

8/22/2022 - Mon
HackneyCab

This looks like a homework question. You're not allowed to ask people to do your homework for you.
ASKER CERTIFIED SOLUTION
steelseth12

DMCKIB88

ASKER
This is not my homework, but I had my program written for me and HackerSafe says that the program should not run, because of the cross site scripting. I will give you any points to solve this for me. If you need more of the program please let me know which part. Thanks
steelseth12

Thanks for ignoring my comments goodnight and good luck.
SOLUTION
HackneyCab

DMCKIB88

ASKER
I entered the same title, because it was the same question on different files. I do have experience, but if this is a security issue I thought that maybe with the experts on this site I could come up with other ideas.
Sorry if this is too much. Thanks,
Oscurochu

I think two of the three questions should be deleted, perhaps the two that really don't have any good answers?

I only see the need for one of these posts. Another user said this is "homework." You can decide on this, however.
DMCKIB88

ASKER
HTML encode data before sending it to the browser.

Filtering < and > alone will not solve all cross site scripting attacks. It is suggested you also attempt to filter out open and closing parenthesis or convert them to their encoded equivalents.

This is their suggestion.
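The scanner's advice above boils down to two changes in the posted page: encode every request-derived value at the moment it goes into the template (right before `$html->setvar()`), and, for parameters that can only ever take a handful of values such as `fla` and `show`, reject anything off an allow-list instead of encoding it. The following is an added example, not code from the original post or from the video gallery application; it assumes the page's `get_param()` and `$html->setvar()` behave as the posted code shows, and the `$request` array, `html_encode()` and `allow_list()` are constructed here for illustration.

```php
<?php
// Added example (not from the original post). Shows output encoding and
// allow-listing for the request parameters the posted page echoes back
// into its template. The $request array stands in for get_param() output.

/**
 * Encode a value for safe insertion into HTML text or a quoted attribute.
 * htmlspecialchars() with ENT_QUOTES covers < > & " and '. The extra strtr()
 * also encodes parentheses, which the scanner report asks for: a value then
 * cannot form a JavaScript call even if the template drops it into an
 * attribute without quotes. Always pass the charset so multi-byte input is
 * not misparsed.
 */
function html_encode($value)
{
    $encoded = htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return strtr($encoded, array('(' => '&#40;', ')' => '&#41;'));
}

/**
 * For parameters with a fixed vocabulary, do not encode: refuse anything
 * that is not on the allow-list and fall back to the default.
 */
function allow_list($value, array $allowed, $default)
{
    return in_array($value, $allowed, true) ? $value : $default;
}

// Constructed request, the kind of input a scanner sends to this page.
$request = array(
    'fla'  => 'top_plays',
    'show' => '<script>alert(1)</script>',
    'cat'  => '12abc',
    'name' => 'Today\'s "Highest" Rated (All)',
);

// Fixed-vocabulary parameters: allow-list them (values taken from the
// posted parseBlock() branches).
$fla  = allow_list($request['fla'],
                   array('top_plays', 'just_added', 'most_comments', 'top_rated'),
                   'top_plays');
$show = allow_list($request['show'], array('all', 'today', 'week', 'month'), 'all');

// Numeric parameters: cast; never hand the raw string to the template or SQL.
$cat = (int)$request['cat'];

// Free text that still reaches the template is encoded at the output boundary.
// Do this right before setvar(), not at input: encoding on the way in would
// corrupt the value before to_sql() quotes it for the database.
$cat_name = html_encode($request['name']);

// In the posted page these would be $html->setvar("fla", $fla); etc.
// Printed here so the effect of each step is visible when run from the CLI.
printf("fla=%s show=%s cat=%d\n", $fla, $show, $cat);
printf("cat_name=%s\n", $cat_name);
```

Applied to the posted file, every `$html->setvar("fla", $fla)` / `setvar("show", $show)` call keeps working because the allow-listed values are unchanged, while the injected `show` value from the scan collapses to the default `all`; `cat_name` (which comes from the database and could have been stored by another user) is the one that genuinely needs `html_encode()` on every output path, including the loop that builds the category links.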
SOLUTION
Oscurochu
